[colug-432] IPv6

R P Herrold herrold at owlriver.com
Fri Nov 22 15:29:53 EST 2013 

On Fri, 22 Nov 2013, Rick Troth wrote:

> Long soggy saga about how I tried for years to get V6 connectivity. Russ
> turned me on to SixXS (tunnel broker). I also use HE (another tunnel
> broker). Have "native" V6 now for one server, but most are still
> tunneled. Works.

IPv6 is cool as to the capabilities it offers, in addition to 
being the only realistic way into the future away from the 
exhausted globally routed ipv4 approach [cell phones, tablets, 
virtualization and 'on demand compute', and such cause 
unbearable pressure]

RFC 1918 local scope networks still make sense as the 
assignment space is 'mostly' large enough.  AWS has a 
reasonable Layer 2 approach with Elastic IP's, Red Hat with 
Neutron / Open VSWITCH, but it is a deployment devops burden.  
PMman decided to dodge this early on by only exposing to 
customers down to Layer 3 on the 'public facing' sides.  
Other implications emerge as a result of that and another 
design tradeoff we took -- we went for the spike of higher 
performance; AWS and RH for scale-out width

Grafting ipv6 onto AWS, and onto Red Hat's approaches are 
still in the young stages, I feel. I raised the ipv6 topic 
earlier this week in a meeting [1]


We designed the pmman native ipv6 address assignment algorithm 
for customer VM's with some care a while back.  I won't post 
the answer to the riddle about how, but offer these clues [MUA 
linewraps noted with conventional '\' annotation]:

[herrold at centos-6 ~]$ dig -t A pmman.com | grep "A" | \
	grep ^pmman
pmman.com.              44      IN      A       198.49.244.238
[herrold at centos-6 ~]$ dig -t AAAA pmman.com | grep "A" | \
	grep ^pmman
pmman.com.              39      IN      AAAA    \
	2605:4400:1:781:216:3eff:fe31:f4ee
[herrold at centos-6 ~]$ ssh -l root pmman.com ifconfig eth0 | \
	grep ^eth
eth0      Link encap:Ethernet  HWaddr 00:16:3E:31:F4:EE
[herrold at centos-6 ~]$ ssh -l root pmman.com ifconfig eth0 | \
	grep inet6
          inet6 addr: 2605:4400:1:781:216:3eff:fe31:f4ee/64 \
	Scope:Global
          inet6 addr: fe80::216:3eff:fe31:f4ee/64 Scope:Link 
[herrold at centos-6 ~]$ host 2605:4400:1:781:216:3eff:fe31:f4ee
e.e.4.f.1.3.e.f.f.f.e.3.6.1.2.0.1.8.7.0.1.0.0.0.0.0.4.4.5.0.6.2.ip6.arpa \
	domain name pointer pmman.com.
[herrold at centos-6 ~]$ host 198.49.244.238
238.244.49.198.in-addr.arpa domain name pointer pmman.com.


There have been some mention of privacy concerns as to 
assignments within ipv6 /64 blocks in Europe, but I don't 
really see it as exposing any new PII not otherwise available 
through passive traffic pattern analysis

-- Russ herrold

[1] http://resources.ovirt.org/meetings/ovirt/2013/ovirt.2013-11-20-15.03.log.html

More information about the colug-432 mailing list